Security & Compliance

Security & Compliance

Security is foundational, not an afterthought. We protect your infrastructure with defense-in-depth, continuous monitoring, and strict compliance with European regulations.

Security Practices

Encryption Everywhere

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). SSH keys required for server access. No unencrypted protocols.

Network Isolation

Every customer's instances run in isolated VLAN segments. Private networking is available for inter-instance communication without traversing the public internet.

Access Controls

Role-based access control, mandatory two-factor authentication for staff, hardware security keys for production access, and comprehensive audit logging.

Vulnerability Management

Continuous vulnerability scanning of our infrastructure. Critical patches prioritized and applied promptly. Regular third-party penetration testing.

DDoS Protection

Multi-layer DDoS mitigation at the network edge. Volumetric, protocol, and application-layer attacks are filtered automatically before reaching your instances.

Incident Response

Documented incident response procedures with defined escalation paths. Post-incident reports published promptly for any customer-impacting event.

Compliance & Standards

We operate within strict regulatory frameworks and apply industry best practices that give our customers confidence in our security posture.

GDPR

GDPR-compliant processing under the EU General Data Protection Regulation. Data Processing Agreements available for all customers.

EU Data Residency

All data stored exclusively in EU datacenters in the Netherlands. EU-hosted with Dutch legal jurisdiction.

Encryption

TLS 1.3 for all data in transit and AES-256 encryption for data at rest. Automated certificate management across all services.

NEN 7510

Our infrastructure provides a foundation for customers with Dutch healthcare compliance requirements. Customers are responsible for their own NEN 7510 compliance assessment.

Responsible Disclosure

Found a vulnerability? We welcome responsible disclosure. Our security team will acknowledge your report within 24 hours and work with you on remediation.

Report a Vulnerability

Data Processing

We offer a standard Data Processing Agreement (DPA) compliant with GDPR Article 28 to all customers processing personal data on our infrastructure.

View DPA